Local Privilege Escalation in ONLYOFFICE Docs through 7.3 on Linux Distributions

Local Privilege Escalation in ONLYOFFICE Docs through 7.3 on Linux Distributions

CVE-2022-48422 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.